Glossary of Operating Systems & Security Terms

802.11 — Also called the IEEE Standard for Wireless LAN, Medium Access Control (MAC) and Physical Layer (PHY) Specifications, a standard that encompasses fixed and mobile wireless data communications for networking.

802.11i — An IEEE standard for wireless LAN security that builds on 802.1X authentication and specifies the Temporal Key Integrity Protocol (TKIP), which derives fresh per-packet encryption keys from a single master key, together with the stronger AES-based CCMP.

802.1X — An IEEE standard for port-based network access control on wired and wireless networks: a switch port or access point forwards only authentication traffic until the attached device has successfully authenticated.

A

access control list (ACL) — An ordered list of entries, each naming a user or group and the permissions granted or denied to it, that is attached to a particular object such as a shared folder or a shared printer.

access point — A device that attaches to a cabled network and that services wireless communications between WNICs and the cabled network.

access rights — Privileges to access objects such as directories and files; used in NetWare, and similar to permissions in other operating systems. See permissions.

access servers — Devices that provide remote communications, such as multiple modems and connections to telecommunications lines.

account lockout — A security measure that prohibits anyone from logging on to a computer directly or through a directory service, after a specified number of unsuccessful attempts.

Active Directory — A Windows 2000 or 2003 server database of computers, users, shared printers, shared folders, and other network resources, and resource groupings that is used to manage a network and enable users to quickly find a particular resource.

Active Intrusion Detection (AID) — Using one or more tools that detect an attack on a computer system or network and then send an alert to an administrator or take an action to block the attack.

administrative templates — In Windows 2000/XP/2003, preconfigured group policies for client connectivity (for example, for managing Windows 2000/XP clients) and for using software (such as Internet Explorer).

Advanced Encryption Standard (AES) — The symmetric-key block cipher standard adopted by the U.S. government to replace DES and 3DES; it operates on 128-bit blocks with keys of 128, 192, or 256 bits.

alert — A message or warning sent to an administrator about specific operating system or network events, such as when there are a number of failed attempts at logging on to an administrative account, or when a TCP port is being scanned.

antenna — A device that sends out (radiates) and picks up radio waves.

application-level gateway — A proxy that filters application-level protocols and requests between an internal network and an external network. See proxy.

Application Programming Interface (API) — Functions or programming features in an operating system that programmers can use for network links, links to messaging services, or interfaces to other systems.

asymmetric encryption — A form of encryption that uses a mathematically related pair of keys: data encrypted with one key (the public key) can be decrypted only with the other (the private key), so the public key can be distributed freely while the private key is kept secret.

attribute — A characteristic or marker associated with a directory, folder, or file, and used to help manage access and backups.

auditor — An intrusion-detection system that tracks a wide range of data and events related to an operating system or network.

authentication — The process of verifying the identity claimed by a user, computer, or service, for example by a password, token, or certificate, before access to a particular computer, server, network, or network resource (such as one managed by a directory service) is decided. Deciding what an authenticated identity may then do is authorization, a separate step.

Authentication Header (AH) — Used in IPSec communications for IPv4 and IPv6, a packet header that is designed to ensure the integrity of a data transmission and to authenticate a packet by enabling verification of its source; unlike ESP, it does not encrypt the payload.

Automated System Recovery (ASR) set — Backup media, such as CD-Rs and a floppy disk, containing the system files and settings needed to start a system running Windows XP Professional or Windows Server 2003 in the event of system failure.

Automatic Repeat reQuest (ARQ) — An error-handling technique used in 802.11 wireless networking in which the receiver acknowledges frames and the sender retransmits any frame that is not acknowledged, reducing the effect of errors caused by sources of interference such as adverse weather conditions.

B

back door — A secret avenue into an operating system that often bypasses normal security—for example, by allowing access through a program or service.

backbone — A high-capacity communications medium that joins networks and central network devices on the same floor in a building, on different floors, and across long distances.

bandwidth — The transmission capacity of a communications medium, typically measured in bits per second (bps) for data communications, or in hertz (Hz) for data, voice, and video communications; in the latter sense it is the highest frequency the medium carries minus the lowest.

baseline — Also called benchmarks, measurement standards for hardware, software, and network operations that are used to establish performance statistics under varying loads or circumstances.

Basic Input/Output System (BIOS) — A computer program that conducts basic hardware and software communications inside the computer. Basically, a computer’s BIOS resides between the computer hardware and the operating system, such as UNIX or Windows.

binary backup — A technique that backs up the entire contents of one or more disk drives in a binary or image format.

block cipher — A data encryption method that encrypts groupings of data in blocks. Typically, in this method, there is a specific block size and a specific key size.

Bluetooth — A wireless networking specification that uses the 2.4-GHz band that is defined through the Bluetooth Special Interest Group.

boot disk — A removable disk, such as a 3½-inch floppy or CD-R/CD-RW disc, from which to boot an operating system when there is a problem with the regular boot process from a hard disk.

boot sector — The beginning of a disk, where machine language code to start up the operating system is stored.

border gateway — A firewall that is configured with security policies to control the traffic that is permitted across a border (in either direction) between a public and private network.

bridge — A network transmission device that connects different LANs or LAN segments using the same access method.

Bridge Protocol Data Unit (BPDU) — A specialized frame used by devices that perform bridging to exchange information with one another.

buffer — A storage area in a device (for example, in a network interface card, a computer system, or a network device such as a switch) that temporarily saves information in memory.

buffer attack — An attack in which the attacker supplies more input than a buffer was sized to hold so that the excess overwrites adjacent memory. The extra data can be crafted to overwrite control data such as a saved return address and redirect execution to attacker-supplied (malicious) code.

buffer overflow — A situation in which more data is written into a buffer than the buffer is sized to hold; in memory-unsafe languages such as C the excess spills into neighbouring variables or control data instead of being rejected.
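As an added illustration, not part of the original glossary, the following C program places the unsafe pattern beside its hardened replacement. The `struct record`, `NAME_LEN`, and the `try_*` helper names are constructed for this example. With a short name both versions behave alike; the difference is what happens to the bytes past the end of `name`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* assumption: a fixed 16-byte username field */

/* Constructed record layout: the field right after the buffer is the kind
 * of adjacent data an overflow silently overwrites. */
struct record {
    char name[NAME_LEN];
    int  is_admin;
};

/* VULNERABLE: strcpy() copies until it finds the NUL in src, however far
 * away that is. A src of NAME_LEN bytes or more runs past 'name' into
 * 'is_admin' and beyond (on the stack, eventually the saved return address).
 * Calling this with attacker-controlled src is the "buffer attack" the
 * glossary describes; it is kept here only for contrast. */
void vulnerable_set_name(struct record *r, const char *src)
{
    strcpy(r->name, src);           /* no bounds check at all */
}

/* HARDENED: the destination size is explicit, the source is never read
 * beyond dst_size bytes, and over-long input is rejected rather than
 * silently truncated (truncation can itself change meaning, e.g. a path). */
bool safe_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return false;
    size_t n = 0;
    while (n < dst_size && src[n] != '\0')  /* bounded strlen */
        n++;
    if (n == dst_size)                      /* no room left for the NUL */
        return false;
    memcpy(dst, src, n + 1);                /* copies the terminator too */
    return true;
}

bool safe_set_name(struct record *r, const char *src)
{
    return safe_copy(r->name, sizeof r->name, src);
}

/* Exercise the hardened path on a fresh record: returns true only if the
 * name was accepted, round-trips, and is_admin was left untouched. */
bool try_safe_name(const char *src)
{
    struct record r = { "", 0 };
    if (!safe_set_name(&r, src))
        return false;
    return strcmp(r.name, src) == 0 && r.is_admin == 0;
}

/* Only ever call this with src shorter than NAME_LEN; longer input is
 * undefined behaviour, which is exactly the bug. */
bool try_vulnerable_name(const char *src)
{
    struct record r = { "", 0 };
    vulnerable_set_name(&r, src);
    return strcmp(r.name, src) == 0 && r.is_admin == 0;
}

int main(void)
{
    printf("safe copy,  5 bytes: %s\n", try_safe_name("alice") ? "stored" : "rejected");
    printf("safe copy, 16 bytes: %s\n", try_safe_name("0123456789abcdef") ? "stored" : "rejected");
    return 0;
}
```

Rejecting over-long input (rather than truncating with `strncpy`) keeps the caller honest: a name that does not fit is an error to report, not data to quietly shorten.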

bus topology — A network design built by running cable from one computer to the next, like links in a chain.

bus-star topology — A network design that combines the logical communications of a bus with the physical layout of a star.

C

cable plant — The total amount of communications cable that makes up a network.

cache — Storage used by a computer system to house frequently used data in quickly accessed storage, such as memory.

Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) — Also called the distributed coordination function, an access method used in 802.11 wireless networking that relies on the calculation of a delay or backoff time to avoid packet collisions.

cell — In wireless networking, the broadcast area around an access point.

Certificate Authority (CA) — A trusted organization or service that verifies the identity of a subject and then issues and signs that subject's digital certificate.

challenge/response authentication — A form of authentication in which the computer acting as a server sends the prospective client an unpredictable challenge (a random nonce) and the client proves knowledge of a shared secret, such as a password hash or key, by returning a value computed from the challenge and the secret. The secret itself is never sent over the network, and an eavesdropper cannot replay a captured response against a different challenge.

chassis hub — A network device typically placed at a central point on a network and on which multiple cards can be plugged into a backplane, with the cards serving different functions, such as switching, routing, and even connecting to a telecommunications link.

checksum — A short value computed from the contents of a message and sent with it so the receiver can detect accidental corruption in transit (see CRC). A checksum is not a cryptographic hash or a signature: anyone who alters the message can recompute it.

cipher lock — A keyless lock that is often programmable and that uses a combination or takes an identification card, fingerprint, palm scan, or other similar identification.

circuit-level gateway — A proxy that creates a secure virtual circuit through an internal network to a client computer that is communicating with a computer on an external network via the proxy. See proxy.

Classless Inter-Domain Routing (CIDR) — An IP addressing method that ignores the old class A/B/C designations and instead writes a prefix length after a slash at the end of the dotted decimal address (for example, 192.168.10.0/26): the number is how many leading bits identify the network, and the remaining bits (32 minus the prefix length) identify hosts within it.
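An added example, not part of the original glossary: the C code below does the arithmetic the slash notation implies, parsing `a.b.c.d/p`, deriving the mask, network and broadcast addresses, counting usable hosts, and performing the membership test a packet filter does when it matches an address against a rule. The type and function names (`cidr_block`, `parse_cidr`, `cidr_rule_matches`, and so on) are this example's own, and the addresses are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* A parsed CIDR block; all values are in host byte order. */
typedef struct {
    uint32_t network;    /* address with the host bits cleared */
    uint32_t broadcast;  /* address with the host bits set */
    uint32_t mask;       /* 1s for the prefix bits, 0s for the host bits */
    unsigned prefix;     /* number of leading network bits, 0..32 */
} cidr_block;

static uint32_t prefix_to_mask(unsigned prefix)
{
    /* shifting a 32-bit value by 32 is undefined in C, so /0 is special-cased */
    return prefix == 0 ? 0u : 0xFFFFFFFFu << (32 - prefix);
}

/* Strict dotted-quad parser: four octets 0..255 and nothing trailing. */
bool parse_ipv4(const char *s, uint32_t *out)
{
    unsigned a, b, c, d;
    char extra;
    if (sscanf(s, "%u.%u.%u.%u%c", &a, &b, &c, &d, &extra) != 4)
        return false;
    if (a > 255 || b > 255 || c > 255 || d > 255)
        return false;
    *out = (a << 24) | (b << 16) | (c << 8) | d;
    return true;
}

/* Parse "a.b.c.d/p". The number after the slash is the prefix length
 * (how many leading bits are network bits), not a host count. */
bool parse_cidr(const char *s, cidr_block *out)
{
    unsigned a, b, c, d, p;
    char extra;
    if (sscanf(s, "%u.%u.%u.%u/%u%c", &a, &b, &c, &d, &p, &extra) != 5)
        return false;
    if (a > 255 || b > 255 || c > 255 || d > 255 || p > 32)
        return false;
    uint32_t addr = (a << 24) | (b << 16) | (c << 8) | d;
    out->prefix    = p;
    out->mask      = prefix_to_mask(p);
    out->network   = addr & out->mask;
    out->broadcast = out->network | (uint32_t)~out->mask;
    return true;
}

/* Usable host addresses: 2^(32-p) minus the network and broadcast
 * addresses, except /31 (point-to-point links, 2 hosts) and /32 (1 host). */
uint64_t cidr_usable_hosts(const cidr_block *b)
{
    if (b->prefix == 32) return 1;
    if (b->prefix == 31) return 2;
    return ((uint64_t)1 << (32 - b->prefix)) - 2;
}

/* The test a packet filter performs for every rule: same network bits? */
bool cidr_contains(const cidr_block *b, uint32_t addr)
{
    return (addr & b->mask) == b->network;
}

/* String-level helpers in the form a rule table would use; they return
 * false / 0 when either argument fails to parse. */
bool cidr_rule_matches(const char *rule, const char *ip)
{
    cidr_block b;
    uint32_t addr;
    if (!parse_cidr(rule, &b) || !parse_ipv4(ip, &addr))
        return false;
    return cidr_contains(&b, addr);
}

uint64_t cidr_hosts_of(const char *rule)
{
    cidr_block b;
    return parse_cidr(rule, &b) ? cidr_usable_hosts(&b) : 0;
}

uint32_t cidr_network_of(const char *rule)
{
    cidr_block b;
    return parse_cidr(rule, &b) ? b.network : 0;
}

uint32_t cidr_broadcast_of(const char *rule)
{
    cidr_block b;
    return parse_cidr(rule, &b) ? b.broadcast : 0;
}

int main(void)
{
    const char *rule = "192.168.10.77/26";          /* constructed example */
    cidr_block b;
    if (!parse_cidr(rule, &b)) return 1;
    printf("%s -> network %u.%u.%u.%u, broadcast .%u, %llu usable hosts\n",
           rule, b.network >> 24, (b.network >> 16) & 255,
           (b.network >> 8) & 255, b.network & 255, b.broadcast & 255,
           (unsigned long long)cidr_usable_hosts(&b));
    printf("192.168.10.100 in block: %s\n",
           cidr_rule_matches(rule, "192.168.10.100") ? "yes" : "no");
    return 0;
}
```

The strict parsers matter in a security context: a rule such as `10.0.0.0/33` or `256.0.0.1/8` is rejected outright instead of being silently mapped onto some other block.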

clustering — The ability to increase the access to server resources and provide fail-safe services by linking two or more discrete computer systems to appear to function as though they are one.

coaxial cable — Also called coax, a network cable medium that consists of a copper core, surrounded by insulation. The insulation is surrounded by another conducting material, such as braided wire, which is covered by an outer insulating material.

COM+ — An enhancement to COM enabling publishing and subscriber services for applications, load balancing, transaction handling, and other services.

community name — A string used as an identifier and rudimentary password between SNMP agents and a network management station; an agent answers only requests that carry a community name it recognizes. In SNMPv1 and SNMPv2c the community name travels in cleartext, so it does not prevent interception of management traffic and should be treated as a weak shared secret.

Component Object Model (COM) — A set of standards for building software from individual objects or components; COM provides the basis for Object Linking and Embedding (OLE) and ActiveX, for example.

Compressed Serial Line Internet Protocol (CSLIP) — A newer version of SLIP that compresses header information in each packet sent across a remote link. See Serial Line Internet Protocol.

computer network — A system of computers, print devices, network devices, and computer software linked by communications cabling or radio and microwaves.

connection-oriented service — A service that occurs between the LLC sublayer and the network layer in network communications, providing methods to ensure data is successfully received by the destination station.

connectionless service — A service that occurs between the LLC sublayer and the network layer, but that provides no checks to make sure data accurately reaches the receiving station.

cookie — Information that a Web server stores on a client computer, such as the client’s preferences when accessing a particular Web site, or where the client has been on the Web site.

Cryptographic File System (CFS) — A file system add-on available as open source software for UNIX and Linux systems, enabling disk file systems and NFS files to be encrypted.

Cryptographic Message Syntax (CMS) — A syntax often used by S-HTTP, for encapsulating information in an encrypted format.

cyclic redundancy check (CRC) — An error-detection method in which the sender computes a value from the bits of a frame's or packet's information fields by polynomial division and appends it; the receiver recomputes the value and compares. A mismatch indicates a transmission error, but a match does not rule out deliberate modification, since an attacker who changes the data can recompute the CRC.
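The following C program is an added example, not part of the original glossary, and serves both the checksum and CRC entries. It implements CRC-32 as used by Ethernet, zlib and PNG, checks it against the standard check value for "123456789", and then shows the two security-relevant properties: a stray bit flip is detected, while a deliberate change plus a recomputed CRC is not, and because the CRC is affine over GF(2) changes to the data combine predictably in the CRC. The frame layout (payload followed by a little-endian CRC), the sample payloads, and the helper names are this example's own conventions.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bitwise CRC-32 (IEEE 802.3 / zlib / PNG parameters): reflected polynomial
 * 0xEDB88320, initial register 0xFFFFFFFF, final XOR 0xFFFFFFFF.
 * Standard check value: crc32("123456789") == 0xCBF43926. */
uint32_t crc32(const uint8_t *data, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc ^ 0xFFFFFFFFu;
}

/* Constructed frame format for this example: payload, then its CRC-32
 * stored little-endian in the last four bytes. */
void append_crc(uint8_t *frame, size_t payload_len)
{
    uint32_t c = crc32(frame, payload_len);
    for (int i = 0; i < 4; i++)
        frame[payload_len + i] = (uint8_t)(c >> (8 * i));
}

bool frame_intact(const uint8_t *frame, size_t frame_len)
{
    if (frame_len < 4)
        return false;
    size_t payload_len = frame_len - 4;
    uint32_t stored = 0;
    for (int i = 0; i < 4; i++)
        stored |= (uint32_t)frame[payload_len + i] << (8 * i);
    return crc32(frame, payload_len) == stored;
}

/* Accidental corruption: a single flipped bit in transit is caught. */
bool bitflip_is_detected(void)
{
    uint8_t frame[9 + 4];
    memcpy(frame, "123456789", 9);
    append_crc(frame, 9);
    bool before = frame_intact(frame, sizeof frame);
    frame[4] ^= 0x20;                      /* '5' becomes 'U' */
    return before && !frame_intact(frame, sizeof frame);
}

/* Deliberate modification: CRC is not a MAC. Whoever can change the
 * payload can recompute the check value; no secret is involved. */
bool tampered_frame_passes(void)
{
    uint8_t frame[9 + 4];
    memcpy(frame, "PAY=00100", 9);
    append_crc(frame, 9);
    memcpy(frame, "PAY=99999", 9);         /* attacker rewrites the payload */
    append_crc(frame, 9);                  /* and fixes up the CRC */
    return frame_intact(frame, sizeof frame);
}

/* Affine structure: for equal-length inputs crc(a^b^c) == crc(a)^crc(b)^crc(c),
 * so a chosen change to the data produces a predictable change to the CRC.
 * A keyed hash (HMAC) has no such relationship. */
bool crc_is_affine(void)
{
    const uint8_t *a = (const uint8_t *)"TRANSFER";
    const uint8_t *b = (const uint8_t *)"AMOUNT01";
    const uint8_t *c = (const uint8_t *)"AMOUNT99";
    uint8_t x[8];
    for (int i = 0; i < 8; i++)
        x[i] = a[i] ^ b[i] ^ c[i];
    return crc32(x, 8) == (crc32(a, 8) ^ crc32(b, 8) ^ crc32(c, 8));
}

int main(void)
{
    printf("check value 0x%08" PRIX32 " (expect 0xCBF43926)\n",
           crc32((const uint8_t *)"123456789", 9));
    printf("bit flip detected:               %s\n", bitflip_is_detected() ? "yes" : "no");
    printf("tampered frame still verifies:   %s\n", tampered_frame_passes() ? "yes" : "no");
    printf("crc(a^b^c) == crc(a)^crc(b)^crc(c): %s\n", crc_is_affine() ? "yes" : "no");
    return 0;
}
```

The practical rule that follows: a CRC or checksum protects against noise, and only a keyed construction (an HMAC) or a digital signature protects against an adversary.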

D

Data Encryption Standard (DES) — A symmetric block cipher developed by IBM and adopted by the National Bureau of Standards in 1977 as FIPS 46; it encrypts 64-bit blocks with a 56-bit key, which is now far too short to resist brute-force search. A newer version, Triple DES (3DES), applies the DES operation three times (encrypt, decrypt, encrypt) with up to three independent keys totalling 168 bits, giving an effective strength of about 112 bits.

data warehouse — A duplicate of some or all of a main database’s data, with the data warehouse typically housed on another computer. A data warehouse is often created for queries and reporting, and to provide a backup of the main database.

decoy — Also called a honeypot, a fully operational computer and operating system, such as a server, that contains no information of value and is used to attract attackers so they can be identified before they do harm to other systems on a network.

De-Militarized Zone (DMZ) — A portion of a network that exists between two or more networks that have different security measures in place, such as the “zone” between the private network of a company and the Internet.

Denial of Service (DoS) attack — An attack that interferes with normal access to a network host, Web site, or service, for example by flooding a network with useless traffic or with frames or packets containing errors that a particular network service does not handle correctly.

device driver — Computer software designed to provide the operating system and application software access to specific computer hardware.

device lock — A locking device, such as a cable with a lock, that attaches a computer or network device to a stationary object.

differential backup — Backs up all files that have an archive attribute, but does not remove that attribute after files are backed up.

diffused infrared — Reflecting infrared signals off a ceiling inside a building so that transmitter and receiver need not be in line of sight. Diffused infrared is the basis of the infrared physical layer defined in the original 802.11 standard.

digital certificate — A data structure that binds a public key to the identity of its owner (a person, server, or organization) and is signed by a Certificate Authority. It accompanies a file or a communication so that the recipient can verify that the source is legitimate and can obtain the key needed to check signatures or set up encryption.

digital signature — A value computed over a file or message with the signer's private key (typically by signing a hash of the data) and attached to it. Anyone holding the signer's public key can verify that the data came from the holder of the private key and has not been altered since it was signed.

Digital Subscriber Line (DSL) — A technology that uses advanced modulation technologies on regular telephone lines for high-speed networking at speeds of up to 60 Mbps (for Very High Bit-Rate Digital Subscriber Line, or VDSL) between subscribers and a telecommunications company.

Direct Sequence Spread Spectrum modulation (DSSS) — An 802.11b wireless communication technique that spreads each data bit across a wider frequency band using a fixed chipping sequence, transmitting on one of up to 14 overlapping 22-MHz channels in the 2.4-GHz band. The spreading gives the receiver processing gain, which makes the signal more resistant to narrowband interference.

directory service — A large repository of data and information about resources such as computers, printers, user accounts, and user groups that (1) provides a central listing of resources and ways to quickly find resources, and (2) provides a way to access and manage network resources, for example, by means of organizational containers.